How To: Add Microsoft Identity Provider Services to Virtuoso's Authentication Layer (VAL)

Here are the steps for integrating Microsoft’s Identity Provider Services into VAL, i.e., exposing Microsoft’s OpenID Connect compliant Identity Provider (IdP) as one of the IdP options available via VAL.

Conceptually, the process is as follows:

  1. Register your VAL-enabled Virtuoso instance as an Application (the Relying Party) with Microsoft’s Identity Provider Services – this occurs via Azure

  2. Add Microsoft’s Identity Provider to the collection of IdPs registered with your VAL-enabled Virtuoso instance.

Application (Relying Party) Registration Related Steps

  1. Register an Application with Microsoft via Azure (you must have an Active Directory instance in place that’s associated with a subscription)
  2. Ensure you have an Active Directory instance in place that’s associated with a subscription
  3. Register your Application, which includes Naming and Callback URL setup and concludes with the generation of an App ID
  4. Generate a Shared Secret (Private Key) for your App

At this juncture you have an App ID and its associated Shared Secret in place. In addition, you need to be aware of the IdP URL for Microsoft’s Login Services which is currently:
https://login.microsoftonline.com/common/oauth2/v2.0/

VAL IdP Setup Steps

This is achieved via the Conductor or the OAuth IdP Admin UI (https://{your-instance-cname}/oauth/admin.vsp).

Irrespective of interface, the steps for registering a new Custom IdP are as follows:

  1. Go to https://{cname}/oauth/admin.vsp

  2. Click on the “Add OAuth API Keys” button, and then uncheck the dynamic discovery checkbox (since Microsoft doesn’t currently support that modality)

  3. Fill in the form as follows

  4. Save

  5. Test VAL authentication via the SPARQL endpoint or other services that use VAL for authentication

[Two screenshots of the completed “Add OAuth API Keys” form, taken 2020-05-15]
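As an added example (not code from this page, nor part of Virtuoso or VAL), here is what a Relying Party does with the discovery-free configuration described above: it derives the authorize and token endpoints from the Microsoft v2.0 base URL given earlier, builds the authorization request with a fresh state, nonce and PKCE challenge, and checks the redirect back before the code is exchanged. APP_ID and CALLBACK_URL are placeholders for the App ID and the Callback URL registered in Azure.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

MS_IDP_BASE = "https://login.microsoftonline.com/common/oauth2/v2.0/"  # IdP URL from the page
APP_ID = "00000000-0000-0000-0000-000000000000"        # placeholder: your Azure App (client) ID
CALLBACK_URL = "https://{cname}/oauth/callback"          # placeholder: must equal the registered Callback URL


def endpoints(base=MS_IDP_BASE):
    """With dynamic discovery disabled, the endpoints are fixed paths under the base URL."""
    base = base.rstrip("/") + "/"
    return {"authorization_endpoint": base + "authorize", "token_endpoint": base + "token"}


def build_authorization_request(client_id=APP_ID, redirect_uri=CALLBACK_URL, base=MS_IDP_BASE):
    """Return the URL to send the browser to, plus the per-login values the RP must remember."""
    state = secrets.token_urlsafe(32)          # binds the callback to this browser session (anti-CSRF)
    nonce = secrets.token_urlsafe(32)          # must reappear in the ID token (anti-replay)
    verifier = secrets.token_urlsafe(64)       # PKCE: only the RP that started the flow can redeem the code
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "client_id": client_id, "response_type": "code", "redirect_uri": redirect_uri,
        "scope": "openid profile email", "response_mode": "query",
        "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    url = endpoints(base)["authorization_endpoint"] + "?" + urlencode(params)
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}


def check_callback(callback_url, session):
    """Validate the IdP's redirect; return the authorization code or raise."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("IdP returned error: %s" % query["error"][0])
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state, session["state"]):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```

The token request that follows sends the code, `code_verifier`, the Shared Secret and the same `redirect_uri` to the token endpoint, and the ID token's `nonce` claim must equal the remembered `nonce`.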

Here is a screencast demonstrating VAL using OpenID Connect for loosely-coupled interaction with OAuth Identity Providers.
